Total: 27865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-23253 | 1 Opera | 1 Opera Mini | 2021-01-19 | 5.0 MEDIUM | 5.3 MEDIUM |
Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com…) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue. | |||||
CVE-1999-0731 | 1 Caldera | 1 Openlinux | 2021-01-19 | 4.6 MEDIUM | N/A |
The KDE klock program allows local users to unlock a session using malformed input. | |||||
CVE-2021-21471 | 1 Sap | 1 Cla-assistant | 2021-01-15 | 4.0 MEDIUM | 6.5 MEDIUM |
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application. | |||||
CVE-2011-5154 | 1 Sap | 1 Graphical User Interface | 2021-01-15 | 6.9 MEDIUM | N/A |
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2021-0309 | 1 Google | 1 Android | 2021-01-13 | 4.9 MEDIUM | 5.5 MEDIUM |
In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158480899. | |||||
CVE-2021-0307 | 1 Google | 1 Android | 2021-01-13 | 7.2 HIGH | 7.8 HIGH |
In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Android ID: A-155648771. | |||||
CVE-2015-1042 | 1 Mantisbt | 1 Mantisbt | 2021-01-12 | 5.8 MEDIUM | N/A |
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316. | |||||
CVE-2020-4762 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2021-01-08 | 6.5 MEDIUM | 8.8 HIGH |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896. | |||||
CVE-2020-35875 | 1 Tokio | 1 Tokio-rustls | 2021-01-07 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly. | |||||
CVE-2016-20003 | 1 Rest/json Project | 1 Rest/json | 2021-01-07 | 5.0 MEDIUM | 7.5 HIGH |
The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
CVE-2016-20008 | 1 Rest/json Project | 1 Rest/json | 2021-01-07 | 5.0 MEDIUM | 7.5 HIGH |
The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
CVE-2019-25003 | 1 Parity | 1 Libsecp256k1 | 2021-01-06 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information. | |||||
CVE-2017-7273 | 1 Linux | 1 Linux Kernel | 2021-01-05 | 4.6 MEDIUM | 6.6 MEDIUM |
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. | |||||
CVE-2015-1188 | 1 Swisscom | 2 Centro Grande, Centro Grande Firmware | 2021-01-05 | 7.5 HIGH | N/A |
The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors. | |||||
CVE-2020-6568 | 3 Fedoraproject, Google, Opensuse | 5 Fedora, Android, Chrome and 2 more | 2021-01-02 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
CVE-2020-35784 | 1 Netgear | 8 Gs116e, Gs116e Firmware, Jgs516pe and 5 more | 2020-12-31 | 6.5 MEDIUM | 7.2 HIGH |
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. | |||||
CVE-2020-28282 | 1 Getobject Project | 1 Getobject | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2020-28283 | 1 Libnested Project | 1 Libnested | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2020-28912 | 2 Mariadb, Microsoft | 2 Mariadb, Windows | 2020-12-30 | 4.4 MEDIUM | 7.0 HIGH |
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503. | |||||
CVE-2020-9120 | 1 Huawei | 1 Cloudengine 1800v | 2020-12-28 | 5.0 MEDIUM | 7.5 HIGH |
CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded normally. |